Your car is a computer on wheels. Should you fear auto hackers?

Late last year computer-science graduate students at Johns Hopkins University hacked into a Ford Escape's radio-frequency car key and drove the car away.

It wasn't really theft; the car belonged to one of the students. But the hack made clear that cars are vulnerable to digital attack. New autos commonly have up to 20 different electronic components--engine, navigation system, radio--each with a separate operating system. And communications between systems is increasingly wireless. Radio-frequency ID chips now tell the car to open its doors and to start the ignition. Texas Instruments has sold 120 million RFID chips for car keys. And Bluetooth networks are becoming a standard way to connect the car's stereo with the driver's phone and MP3 player. Half of Acura's fleet lets you wirelessly transfer a call between phone and car with a button on the steering wheel.

Carmakers encrypt the conversations between locks, keys and ignition systems, but some codes can be cracked. The Johns Hopkins students, with funding from Bedford, Mass. encryption-security company RSA Security, initially took three months to break the 40-bit encryption in Texas Instruments' digital signal transponder chip, found in the Escape's key fob.

"Now we have a system that does it in half an hour, and we could design software to do it in minutes," requiring just $3,000 in computer equipment, says Ari Juels, RSA's principal research scientist, who ran the project with Hopkins professor Avi Rubin.

No hackers have yet intercepted Bluetooth networking, which is factory-installed in 31 car models sold in the U.S., but viruses may find a way in. The first Bluetooth virus, called Cabir, was produced as a test case last year by the international virus-writing group 29a and was followed by two similar viruses. If a rampaging "son of Cabir" ever managed to jump from an infected phone into a car stereo, it could jam or override the music or slowly drain the battery, says Martin Herfurt, an Austrian wireless security researcher who has discovered several Bluetooth vulnerabilities unrelated to Cabir. A Bluetooth virus won't affect the separate electronics that control the engine or brakes, but to be safe, drivers should disable a phone's Bluetooth "discoverable mode" when not paired with another gadget, or risk being flagged by prowling hackers or viruses.

Chipmakers and car companies say there's no real danger. Newer cars often use longer encryption sequences, up to 128 bits, the tightest security that the Feds allow. "It would be cheaper and easier to go out and get a tow truck and tow the car away," says William Allen, director of strategic alliances for Texas Instruments.

Stock quotes are delayed at least 15 minutes for Nasdaq, at least 20 minutes for NYSE/AMEX.
U.S. indexes are delayed at least 15 minutes with the exception of Nasdaq, Dow Jones Industrial Average and S&P 500 which are 2 minutes delayed.